CVE-2015-2722

Published: Jul 6, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Affected (21)

Products: Oracle: Solaris · Mozilla: Firefox, Firefox Esr · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit

1 product

2 products

3 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

15 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 31.0
Mozilla Firefox	Version 31.1.0
Mozilla Firefox	Version 31.1.1
Mozilla Firefox	Version 31.3.0
Mozilla Firefox	Version 31.5.1
Mozilla Firefox	Version 31.5.2
Mozilla Firefox	Version 31.5.3
Mozilla Firefox	Version 38.0
Mozilla Firefox Esr	Version 31.1
Mozilla Firefox Esr	Version 31.2
Mozilla Firefox Esr	Version 31.3
Mozilla Firefox Esr	Version 31.4
Mozilla Firefox Esr	Version 31.5
Mozilla Firefox Esr	Version 31.6.0
Mozilla Firefox Esr	Version 31.7.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 38.1.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Linux Enterprise Desktop	Version 12.0
Novell Suse Linux Enterprise Server	Version 11 sp4
Novell Suse Linux Enterprise Server	Version 12.0
Novell Suse Linux Enterprise Software Development Kit	Version 12.0

References (32)

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1207.html

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-65.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/75541

Source: security@mozilla.org

http://www.securitytracker.com/id/1032783

Source: security@mozilla.org

http://www.securitytracker.com/id/1032784

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2656-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2656-2

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1166924

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1207.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2015/mfsa2015-65.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/75541

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032783

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032784

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2656-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2656-2

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1166924

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201512-10

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.